Source: pgpool2
Version: 4.6.0-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 4.3.5-1

Hi Christoph,

The following vulnerability was published for pgpool2.

CVE-2025-46801[0]:
| Pgpool-II provided by PgPool Global Development Group contains an
| authentication bypass by primary weakness vulnerability. if the
| vulnerability is exploited, an attacker may be able to log in to the
| system as an arbitrary user, allowing them to read or tamper with
| data in the database, and/or disable the database.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46801
    https://www.cve.org/CVERecord?id=CVE-2025-46801
[1] https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.6.1.2C_4.5.7.2C_4.4.12.2C_4.3.15_and_4.2.22_officially_released_.282025.2F05.2F15.29_2
[2] https://git.postgresql.org/gitweb/?p=pgpool2.git;a=commit;h=d8e2ace8737f64eee2bf5ca74f6294835fb75ccb

Regards,
Salvatore